
Agent fails to register itself on an XMPP server with an invalid certificate

Open mjbogusz opened this issue 5 years ago • 4 comments

  • SPADE version: 3.0.9
  • Python version: 3.6.7
  • Operating System: Debian 9.6

Note: I'm running Debian on Windows 10 (via WSL), but I've verified the behaviour on another machine with LMDE2 (Debian 8). Both machines use pyenv/pipenv to ensure exact version match for both Python and SPADE. Both machines use locally running Openfire (in newest version, 4.2.3) with user registration allowed.

Description

Agents should be able to self-register on the XMPP server (as per #31), but both register() and start(auto_register=True) fail with aiosasl.AuthenticationFailure and spade.agent.AuthenticationFailure.

Important note: I'm yet to test it with an XMPP server hosted under a proper domain name and with a valid certificate - this might be the underlying issue here. For testing purposes I've tried registering a new user using Pidgin and it went through without problems, though it did require confirming reception of server's self-signed certificate.

What I Did

My almost-minimal not working example:

#!/usr/bin/env python3

from spade.agent import Agent

class TestAgent(Agent):
	def setup(self):
		print("test agent setup")

def main():
	print("Creating agent...")
	serverAgent = TestAgent("[email protected]", "pass1234")
	print("Agent created, starting...")
	serverAgent.start()
	print("Agent started, stopping...")
	serverAgent.stop()
	print("Agent stopped, closing!")

if __name__ == "__main__":
	main()

run as $ pipenv run ./testRegister.py outputs:

Creating agent...
Agent created, starting...
main failed
Traceback (most recent call last):
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 824, in _on_main_done
    task.result()
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 989, in _main
    yield from self._main_impl()
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 951, in _main_impl
    logger=self.logger)
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 400, in connect_xmlstream
    jid, metadata, negotiation_timeout, loop, logger,
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 279, in _try_options
    features=features,
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 1201, in negotiate_sasl
    raise last_auth_error
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 1185, in negotiate_sasl
    jid, features, xmlstream, transport)
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 983, in execute
    intf, mechanism, token)
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 848, in _execute
    yield from mechanism.authenticate(sm, token)
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aiosasl/__init__.py", line 712, in authenticate
    username, password = yield from self._credential_provider()
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 960, in credential_provider
    text="authentication aborted by user")
aiosasl.AuthenticationFailure: user intervention: authentication failed: authentication aborted by user
Traceback (most recent call last):
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/spade/agent.py", line 378, in connect
    self.stream = self.loop.run_until_complete(aenter)
  File "/home/mjbogusz/.pyenv/versions/3.6.7/lib/python3.6/asyncio/base_events.py", line 473, in run_until_complete
    return future.result()
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 1630, in __aenter__
    yield from conn_future
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 824, in _on_main_done
    task.result()
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 989, in _main
    yield from self._main_impl()
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 951, in _main_impl
    logger=self.logger)
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 400, in connect_xmlstream
    jid, metadata, negotiation_timeout, loop, logger,
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/node.py", line 279, in _try_options
    features=features,
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 1201, in negotiate_sasl
    raise last_auth_error
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 1185, in negotiate_sasl
    jid, features, xmlstream, transport)
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 983, in execute
    intf, mechanism, token)
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 848, in _execute
    yield from mechanism.authenticate(sm, token)
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aiosasl/__init__.py", line 712, in authenticate
    username, password = yield from self._credential_provider()
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/aioxmpp/security_layer.py", line 960, in credential_provider
    text="authentication aborted by user")
aiosasl.AuthenticationFailure: user intervention: authentication failed: authentication aborted by user

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./testRegister.py", line 19, in <module>
    main()
  File "./testRegister.py", line 13, in main
    serverAgent.start()
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/spade/agent.py", line 98, in start
    self.aiothread.connect()
  File "/home/mjbogusz/.local/share/virtualenvs/testspade-MdaXyzjQ/lib/python3.6/site-packages/spade/agent.py", line 382, in connect
    "Could not authenticate the agent. Check user and password or use auto_register=True")
spade.agent.AuthenticationFailure: Could not authenticate the agent. Check user and password or use auto_register=True

mjbogusz, Dec 04 '18 23:12

Update: I've checked with an XMPP server hosted on a real domain with a valid certificate and it works as intended.

How about something like this?

def register(self, accept_selfsigned=False):
    ...
def start(self, auto_register=True, accept_selfsigned=False):
    ...

I'm not sure how difficult it would be. Additionally I'm not sure whether differentiation between self-signed and otherwise invalid certificates (outdated, rejected, invalid domain etc) is needed at all, maybe just an accept_invalid flag would suffice while probably simplifying the required code.

mjbogusz, Dec 05 '18 00:12

The agent constructor already has a verify_security=False flag that should work (it works for me). A common mistake is to have the username already registered in the server with a different password. Could you check that?

javipalanca, Dec 10 '18 10:12

The problem is with registering a new account. If the account is created beforehand, it goes through smoothly; invalid password results in a different error.

I've noticed the verify_security=False flag, but it does not set the STARTTLS to "disabled" or "if-available", and the default value is "required". So my hypothesis is that either the underlying library whines about the certificate due to the required STARTTLS, or it just ignores the disabled security flag during registration.

mjbogusz, Dec 10 '18 18:12

Ok, let me check that use case and I'll try to figure out how to solve it.

javipalanca, Dec 11 '18 16:12
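
Added example, not part of the thread and not SPADE or aioxmpp code: the thread weighs an accept_selfsigned option against a blanket accept_invalid or verify_security=False. A narrower alternative is to pin the one self-signed certificate after a first confirmation (the kind of prompt Pidgin showed) and refuse any other certificate afterwards. The function names, the JSON pin store and the byte strings standing in for DER certificates are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

class PinMismatch(Exception):
    """The certificate is unknown and unconfirmed, or differs from the pin."""

def fingerprint(der_cert: bytes) -> str:
    # In real use der_cert is ssl.SSLSocket.getpeercert(binary_form=True).
    return hashlib.sha256(der_cert).hexdigest()

def check_pin(store_path, host, der_cert, confirm=lambda host, fp: False):
    """Return 'trusted-first-use' or 'pinned'; raise PinMismatch otherwise."""
    pins = {}
    if os.path.exists(store_path):
        with open(store_path) as fh:
            pins = json.load(fh)
    seen = fingerprint(der_cert)
    known = pins.get(host)
    if known is not None:
        # A pin exists: only the exact same certificate is accepted.
        if hmac.compare_digest(known, seen):
            return "pinned"
        raise PinMismatch(f"{host}: certificate differs from pinned {known[:16]}")
    # First contact: explicit confirmation, as a chat client prompt would ask.
    if not confirm(host, seen):
        raise PinMismatch(f"{host}: unknown certificate was not confirmed")
    pins[host] = seen
    with open(store_path, "w") as fh:
        json.dump(pins, fh)
    return "trusted-first-use"

def demo():
    store = os.path.join(tempfile.mkdtemp(), "pins.json")  # hypothetical pin store
    cert_a = b"constructed stand-in for the server's DER certificate"
    cert_b = b"constructed stand-in for a different certificate"
    accept = lambda host, fp: True
    results = [check_pin(store, "localhost", cert_a, confirm=accept),
               check_pin(store, "localhost", cert_a)]
    try:
        check_pin(store, "localhost", cert_b, confirm=accept)
    except PinMismatch:
        results.append("rejected")
    return results

if __name__ == "__main__":
    print(demo())
```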